CVE-2016-4423: Large username storage in session

Symfony 2.3.0 to 2.3.40, 2.7.0 to 2.7.12, 2.8.0 to 2.8.5, and 3.0.0 to 3.0.5
versions of the Security component are affected by this security issue when
using the username/password form authentication listener (and its simpler
version SimpleFormAuthenticationListener).

This issue has been fixed in Symfony 2.3.41, 2.7.13, 2.8.6, and 3.0.6.

Note that no fixes are provided for Symfony 2.4, 2.5, and 2.6 as they are not
maintained anymore.

When an authentication form is submitted by the user and if the user does not
exist, the submitted username is stored in the session. If an attacker submit
multiple requests with large usernames, he can potentially fill up the session
storage.

This checker can only detect vulnerabilities that are referenced Disclaimer in the SensioLabs security advisories database. Execute this command regularly to check the newly discovered vulnerabilities.